From 3db945959185c5d77cebc7c8d35cc249c96f246f Mon Sep 17 00:00:00 2001
From: Badlop <badlop@process-one.net>
Date: Mon, 27 Apr 2020 20:03:07 +0200
Subject: [PATCH] Don't offer X-OAUTH2 if the only auth method enabled is
 Anonymous (#3209)

---
 src/ejabberd_c2s.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 9e0274cf8..36a6af195 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -386,7 +386,7 @@ sasl_mechanisms(Mechs, #{lserver := LServer} = State) ->
 	 (<<"DIGEST-MD5">>) -> Type == plain;
 	 (<<"SCRAM-SHA-1">>) -> Type /= external;
 	 (<<"PLAIN">>) -> true;
-	 (<<"X-OAUTH2">>) -> true;
+	 (<<"X-OAUTH2">>) -> [ejabberd_auth_anonymous] /= ejabberd_auth:auth_modules(LServer);
 	 (<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
 	 (_) -> false
       end, Mechs -- Mechs1).